nextcloud ios client app "invalid certificate" bug #1036
Comments
|
I encountered this probelm too.Only happens on iOS.Android and Web is fine. |
|
Okay,I search for why iOS 13 will fail when using self-sign certificate.It seems iOS needs certificate issued after 1/7/2019 needs to short than 825 days. |
|
any solution? i have certificate created with letsencrypt and have short than 825 days. it was created in first of january 2020. with 2.25.5 of nextcloud doesn't allow access in ios 13 |
|
have you trust your self-signed certificate in "settings->genernal->about->certificate trust settings"?you have to enable the trust before ios trust your certificate for real. |
|
my certificate is not selfsigned. is generated by letsencrypt. Anyway I have the certificate installed and it still doesn't work. |
|
still here. |
|
i think its not a problem with certificate because with another app to connect to Webdav of my server works with Iphone. But with nextcloud app not. |
|
and my server with nextcloud app in android works. |
|
oh,if your certificate is not self-signed,then i have no idea why it would happens.sorry. |
|
My issue is similar. I have a self signed deployment. On first login it prompts to connect to server anyway. Specify yes. Works ok for a couple of hours. Then suddenly it just doesn’t go away, constantly prompting me that the certificate is invalid and do I want to connect anyway (every 4 seconds roughly) and won’t go away. |
|
Maybe an option could be added in the app settings to permanately accept an invalid certificate. So it doesn't keep prompting? |
|
I have this issue as well. To me it occurs periodically after the LE certs are being rotated. The error message disappears when I reset the cache in the app. |
|
This problem still exists and also affects Nextcloud Talk App (invalid certificate message) v. 8.1.0. Self-signed certificates are not the cause. It seems as if with the nextcloud iOS app (2.25.9.2): a) the problem is caused by Nextcloud. b) it is limited to iOS (web access and desktop client work without problems). b) when the temporary storage/cache is cleared, the problem is solved for a short time, but then reappears. c) it also affects server certificates that are valid for less than 825 days. d) the fact that the certificates are self-signed is not the reason for the problem. e) an update to nextcloud server 18.0.4 and app version 2.25.9.2 does not solve the problem. f) it affects the downloading of files (start, speed). g) mobile access to nextcloud via the browser (Safari iOS) works without problems (certificate seems therefore not to be a problem). |
|
Did someone find a solution? (@JorisBodin seems like other users experience this as well) |
|
When this will be fixed? |
|
On iOS 13.5 and Ubuntu 20.04 LTS and the bug is still there. Same behaviour as everyone above. The message still randomly pops up and randomly disappears after killing app but always comes back eventually. Web browser and most webdav apps are also fine. I'm wondering if it's the cert and not the app though - Subsonic clients for example have a mixture of success too - e.g., I can get the iOS app Soundwaves to work because it has a do not validate SSL certificates option, but not on other Subsonic-based apps that I guess must rely on valid certificates. Running "openssl s_client -connect my.local.ip:443" returns a line that says "Verification error: self signed certificate" which I think is a lot to do with it. Self-signed certs and iPhones needs work. I've imported my cert into my iPhone and have allowed it permission too but still get this persistent bug. |
|
iOS App 3.0.1.18 I access my server via NATed server address, say 192.168.88.10 to hide it from external access, only internal users can access or they use VPN but from outside server is accessible trough FQDN with Lets Encrypt certificates. before it works fine - it complains about invalid certificates, I restart iOS App and accept these "invalid" (but really legal certificates of this server) and all was fine but! today I updated my Lets Encrypt certificates and now message is not like from topic starters first post, but red and without possibility to accept and interact atall
|
|
worked around by "old, but gold" - removed account, add same 192.168.88.10 server, accepted "invalid" certificate, login with my creds and all works again, hope, that it is only once, not every 3 month's |
@TasPats Did the same a while ago. Will come back randomly. And does not solve the problem NC (@JorisBodin) should really look into it. |
|
I was having the problem exactly as described and was just "dealing with it" by clicking on "connect anyway" -> "yes" several times. It was annoying, but it worked. A recent ios upgrade has made things worse. I can no longer click "yes". There is no option to "connect anyway". All three of our ios phones can no longer connect at all to my Nextcloud server with self-signed certificates. This sucks. Also, I went into the ios setting to Certificate Trust Settings and there is nothing to configure. No way to add exceptions. |
|
I also have the same issue like @cogitech2 described above. In my home network I have a Odroid with Ubuntu 18.04. On this server runs Nextcloud 19.0.1. On my Linux Desktop all works fine (browser and app). On my iOS device (13.6) I got the invalid certificate error. This was normal because the instance is running in my local network so the certificate is self signed. Normally, there was a modal where I could accept the risk and all was fine. But for 1-2 weeks it was not possible to accept the risk and the app is useless at the moment. It would be nice if someone can provide a fix because I think many users could have a similar issue. “The best cloud is the private cloud” 😄 Log: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “10.10.0.112”, which could put your confidential information at risk. |
|
@thesilk-tux Thanks for taking the time to post your report! The more who speak up, the more likely we will receive a solution of some sort. Cheers! |
|
@thesilk-tux I just tried the work-around that @TasPats mentioned above and it fixed the issue - for now. When re-creating the account, it gives the certificate error and then you can just connect anyway. After that the app connects normally (no persistent error messages, either). The only thing is, I had to go in and completely set up all auto upload settings, turn off caching, etc in the app. It forgot all these settings. On top of this, I had to initialize a complete re-sync ("Upload whole camera role"), so it is now plugging away at over 1000 photos even though they are on the Nextcloud server already. Best I can tell, it is not creating duplicates so that's some good news. |
I can confirm the same behavior, but with 8k+ files to re-upload. iOS App version 3.0.5.8 |
|
@jurkstas @cogitech2 thanks a lot. This helped us a lot and my wife is happy now after uploading 1700 pictures manually 😄 |
|
When updated to Nextcloud 19.0.2 Server Side, the problem so far seems to be gone. Anyone observed the same? App is on iOS Version 3.0.6.8. |
|
my Lets Encrypt certificate updated and I get red error window without option to accept certificate as valid Nextcloud Server 19.0.3. only option remove active account, lost cached files and reenter credentials and resync data ironically, that Linux Desktop client 3.0.2. accept new certificate with one click and so Nextclod Android app 3.13.1. with one touch |
|
The problem is still there! Nextcloud Server 21.0.0.18 This bug renders the iOS Nextcloud client completely useless and calls the whole concept of a private cloud into question. |
|
Indeed. I have abandoned Nextcloud at this point. Deleting the accounts from the iOS apps on 4 phones and re-adding and re-syncing every week or two is simply not feasible. Since the primary usage in my case is backing up photos/videos from the phones, I have decided to use a dedicated phone app to simply sync photos/videos to an SMB share on my NAS. |
|
@DennisBankmann @B-X-M do you have an account test for me where this issue is present ? |
|
i migrate to LE wildcard cert *.mydomain.com and FQDN (instead valid IP) Nextcloud server access and now all is smooth, iPhone, iPad with 14.7.1, 4.0.4.0, 21.0.3. and so with Android client 3.16.1 |
Unfortunately not. As this is a company instance, I am allowed to provide a test account. Is there any data I can provide in order to make bugfixing possible? |
Thanks for the follow-up! PS: it could also be related to phone rebooting or OS update as apple released ios update 14.7.1 in the last days, too. |
|
Same problem here, iOS 14.7, App Version 4.0.6, nextcloud instance 22.0 with valid LE certificate. |
|
I'm experiencing this problem as well with a LetsEncrypt certificate. Every couple of seconds the iOS app pops up the window saying that the certificate is invalid, but if I view the certificate it is the correct one and it hasn't expired or been revoked. I can access the server directly in Safari, Firefox etc. on iOS without any problems, and I have no problems with the Android app or the Linux client, so I strongly suspect this is a problem confined to the iOS app. App version: 4.0.4 All are the latest available versions and I've checked for updates. |
|
|
I access the server via the iOS app - that was authenticated originally (ages ago) via the browser. The configuration with LetsEncrypt has worked for over a year and has stopped recently (not sure when exactly as I don't always go into the app). I haven't changed anything on the server other than installing updates, likewise with the app. |
|
Still an issue on 4.0.5 (updated automatically yesterday). |
|
I'm running into this as well, 4.0.6.0 Nextcloud Liquid for iOS, Nextcloud server 22.1.0. Mobile Safari accepts the LE cert as valid. I cannot provide a test account as it's only accessible over my VPN. |
|
Also an issue for me App-Version: 4.0.6.0 Any time I change from mobile to WIFI or vice versa it tells me that the certificate is invalid although it isn't. I'm using split-dns (Url nextcloud.example.com shows to internal IP (in WIFI) - the same URL shows to my public (proxied) IP from Cloudflare via MobileNetwork). Both certificates are valid (the public one is served by cloudflare - the private one is served by Let's Encrypt) Cheers |
|
I have the Same Problem on NC 22.1.0 and App Version 4.0.6.0 |
|
all, who say "On the Browser i do Not have this Problem."
|
No i don't have an exception in my Browser and the Server Access String is the same. |
|
Same here, I don't have an exception for my Nextcloud instance in my browser and the certificate is the same. I also don't have a problem with the Android app. This definitely seems to be a problem with the iOS app as every other mechanism of accessing my Nextcloud works. |
I don't have an exception in the browser.
I'm very new with NextCloud and I'm not sure where to find the "server access string" but the domain that the cert is issued for and that the iOS clients are giving me this message about is the value for |
|
Sorry this will not help most of you but just wanted to say I got this
working on the iPhone with this strategy: generate a valid certificate. I
used a simple fake domain for my home network - literally anything not real
.com. And then some Linux command long forgotten (implemented this years
ago) to generate and point to the certificate.
I then imported the certificate file to my iPhone as a profile in General >
Settings > Profiles. I think I got some warnings and errors and ok’d them.
It is showing verified in green text. The Nextcloud app works on my iPhone
and has done on every update for a few years.
I made sure to add the Nextcloud to the app using the domain name. A few
years back before I tried this the certificate would error repeatedly and
then with this work around it just stopped and hasn’t failed since. My cert
expires in 2030.
…On Wed, Aug 18, 2021 at 14:47 Neal Clark ***@***.***> wrote:
all, who say "On the Browser i do Not have this Problem."
- do you have exception for Your site in browser?
I don't have an exception in the browser.
- is server access string in Nextcloud application is the same as in
LE cert, and in "Browser i do Not have this Problem"?
I'm very new with NextCloud and I'm not sure where to find the "server
access string" but the domain that the cert is issued for and that the iOS
clients are giving me this message about is the value for overwritehost,
is the domain part of the value for overwrite.cli.url and is the first
element in my trusted_domains array.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1036 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AH2SHJTASNTQCF25KNX6WADT5P545ANCNFSM4JYMAS3A>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
|
|
What i just checked, was That when i am in my local Network and Look at the Details of the Certificate there stands cloud.domain.at (thats Correct) |
|
After some googleing i found something to try out: |
|
Got that problem also on my side. Wildcard certificate from Lets Encrypt is clearly valid. IOS, Nextcloud App and Nextcloud servers are latest version. Deleted and re-created the account : No luck. Still invalid certificate error in the app. |
|
And if a developper needs a test account in my cloud, you can PM me. I can provide you with one. The account will not be allowed to share anything and storage will be restricted to 1G but it will be enough for any test you need about this one. |
|
This didn't work for me.. @Heracles31 do you also use a Reverse Proxy? |
|
Yep ; HAProxy is doing the job and is configured as an SSL accelerator : it terminates SSL and connects back over clear text HTTP to the Nextcloud Docker. |
|
Ok so this like the NGINX Reverse Proxy? |
|
I never use NGinx here. Apache, Squid, HAProxy.... Still, an HTTP reverse proxy is an HTTP reverse proxy... But I can not tell you anything specific about NGinx because I never use it. |
|
Same problem for me. I have a valid LE certificate, works with every client except iOS App which will bring up the invalid certificate error. I can view the certificate, it is the correct and valid certificate for the correct domain which is used to connect. |
|
I've noticed this is happening with me today. I'm using Apache/2.4.6 (CentOS) with a LE certificate which is valid and accepted on everything else I use. A+ Rating on SSL Labs. Issue only started recently. LE certificate was rotated on 22 Aug 2021 22:01:48 - not sure if it was occurring since then as I haven't been in the app but mentioning that in case that's helpful. |
|
Same issue for me as for others on iOS 14.7.1. Let's Encrypt valid certificate, Nextcloud 21.0.4 with Nginx web server (Armbian 21.08.1 Buster). Interestingly, I haven't this behaviour with another corporate account. |
|
This issue is historical/closed. If you are getting this error I encourage you to comment on the active issue so it gets more attention |
and others
Expected behaviour
iOS App should (a) accept the self-signed certificate, when this is (b) still valid and (c) is added as an accepted exeption certificate during the first set-up of the app.
Actual behaviour
When accessing the iOS app to see/download documents, every two seconds the message appears: "the certificate for this server is invalid" and "Error: unable to download". This happens even if you click on "connect anyway" -> "yes" for several times. It seems to be limited to the iOS version, as desktop client and web-access is working fine. It also worked before nextcloud 17 and/or before an app update. Somebody reported this problem also here.
clear cache and reinstall the app and log-in again from scratch does not help.
Steps to reproduce
install ios app, connect to server (login), try to access a file.
iOS version
13.2.3
App version
2.2.5.1
Server configuration
Operating system:
Ubuntu 18.04.3 LTS (GNU/Linux 4.4.0-142-generic)
Web server:
Apache/2.4.39
Database:
mysql 8.0.18
PHP version:
7.2.18
TLS
TLS 1.3
Nextcloud version: (see Nextcloud admin page)
17.0.1.
The text was updated successfully, but these errors were encountered: